package com.hub.frame.pojo;

import com.hub.entity.AuthMenu;
import com.hub.entity.AuthRole;
import com.hub.entity.AuthUserInfo;
import com.hub.mapper.AuthRoleMapper;
import com.hub.mapper.AuthUserInfoMapper;
import com.hub.model.auth.AuthUserInfoVo;
import com.hub.frame.service.cache.ICached;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import javax.annotation.Resource;
import java.util.List;

/**
 * AuthRealm
 *
 * @description: 自定义身份认证realm
 * @author hub
 * @create: 2020-05-18 09:04
 */
public class AuthRealm extends AuthorizingRealm {

    @Resource
    private AuthRoleMapper authRoleMapper;
    @Resource
    private AuthUserInfoMapper authUserInfoMapper;
    @Resource
    private ICached cached;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        //1. 从 PrincipalCollection 中来获取登录用户的信息
        AuthUserInfo user = (AuthUserInfo) principals.getPrimaryPrincipal();
        List<AuthRole> roles = authRoleMapper.selectByUserId(user.getId());
        AuthUserInfoVo authUserInfoVo = authUserInfoMapper.selectMenuByUserId(user.getId()+"");
        List<AuthMenu> menus = authUserInfoVo.getMenus();

        //2.添加角色和权限
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        for (AuthRole role : roles) {
            //2.1添加角色
            simpleAuthorizationInfo.addRole(role.getId()+"");
        }
        for (AuthMenu menu : menus) {
            //2.1.1添加权限
            simpleAuthorizationInfo.addStringPermission(menu.getPermisson());
        }
        return simpleAuthorizationInfo;
    }

    @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //获取token，既前端传入的token
        String accessToken = (String) token.getPrincipal();
        //1. 根据accessToken，查询用户信息
//        String userId = cached.getString(accessToken);
        Object obj = cached.getObj(accessToken);
        if(obj == null){
            throw new IncorrectCredentialsException("token失效，请重新登录");
        }
        CachedUserInfo cachedObj = (CachedUserInfo) obj;
        String userId = cachedObj.getUserId();
        //2. token失效
        if (StringUtils.isEmpty(userId)) {
            throw new IncorrectCredentialsException("token失效，请重新登录");
        }
        //3. 调用数据库的方法, 从数据库中查询 username 对应的用户记录
        AuthUserInfo user = authUserInfoMapper.selectById(userId);
        //4. 若用户不存在, 则可以抛出 UnknownAccountException 异常
        if (user == null) {
            throw new UnknownAccountException("用户不存在!");
        }
        //5. 根据用户的情况, 来构建 AuthenticationInfo 对象并返回. 通常使用的实现类为: SimpleAuthenticationInfo
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, accessToken, this.getName());
        return info;
    }
}
